Security


Microsoft Addresses Zero-Day Flaws in March Security Patch Release

Microsoft released security patches on "update Tuesday" to address 64 common vulnerabilities and exposures (CVEs), which were typically associated with products like Windows, Office services and Microsoft's browsers.

Google Issues Update for Zero-Day Flaw, But 32-Bit Windows 7 Systems Still Subject to Attack

Google on Thursday described two "zero-day" vulnerabilities affecting both the Google Chrome browser and Windows 7 systems that are being actively used in targeted attacks.

How To Grade Your Organization's Office 365 Security Level

With Office 365 emerging as a big target for today's hackers, it's important to know how your organization's security measures up.

Microsoft Adds Threat Intelligence to Azure Firewall

Microsoft added a few improvements to Azure Firewall, its firewall-as-a-service security offering for organizations using Azure virtual machines.

W3C Affirms WebAuthn Standard for Authentications Without Passwords

The World Wide Web Consortium (W3C) announced on Monday that the Web Authentication (WebAuthn) specification is now considered to be an official W3C standard, which likely will accelerate passwordless authentications for Web transactions.

Windows 7 Extended Security Updates Plan Available Next Month

Microsoft plans to start selling its Windows 7 Extended Security Updates plan to organizations on April 1, 2019, according to a Friday announcement.

Silver Pins

How To Control Your Microsoft Office Metadata

Metadata can say a lot about a given document -- as well as the document's creator. Here's how to manage what types metadata appear in your Office documents to protect your security while still giving useful information.

Windows Defender ATP Support for Windows 7 and Windows 8.1 Reaches 'General Availability'

The Windows Defender Advanced Threat Protection service can now be used to help address security issues with Windows 7 and Windows 8.1 clients.

Microsoft Issues Windows Server HTTP/2 Attack Advisory

Microsoft issued Security Advisory ADV190005 on Wednesday concerning a potential HTTP/2 settings issue for users of Internet Information Services (IIS) on Windows Server.

Microsoft Publishes Windows Deadlines on Upgrading to SHA-2

Microsoft on Friday described its 2019 timeline for when it will start distrusting Secure Hash Algorithm-1 (SHA-1) in supported Windows systems, as well as in the Windows Server Update Services 3.0 Service Pack 2 management product.

Vendors Issue Patches for Linux Container Runtime Flaw Enabling Host Attacks

This week, the National Institute of Standards and Technology (NIST) described a high-risk security vulnerability (CVE-2019-5736) for organizations using containers that could lead to compromised host systems.

Windows 10 Version 1809 Users May Get Visual Studio Crashes

Microsoft on Friday issued an advisory for Windows 10 version 1809 users about possible Visual Studio crashes.

Security Researchers Highlight Exchange and IE Zero-Day in February Microsoft Patches

Microsoft's February "update Tuesday" release was notable for delivering major security updates and architectural changes to all supported Exchange Server products, along with a "zero-day" IE patch.

Microsoft Releases Quarterly Updates to Exchange Server, Delivers Security Fixes and Architectural Changes

Microsoft took the rare step of announcing the release of Exchange Server quarterly updates that will include "critical security" fixes, while also changing the architectures of all supported Exchange Server products.

Azure Advanced Threat Protection Now Provides Alerts on NTLM Relay Issues

Microsoft on Monday touted its Azure Advanced Threat Protection (ATP) service as being capable of alerting organizations when they are subject to NT LAN Manager (NTLM) relay attacks.

Office Windows

Should You Rethink Your Office Patching Strategy?

Buggy patches are all but inevitable -- especially, it seems, if they're from Microsoft. Maybe the old wait-and-see approach to Office patching is worth a second look.

Microsoft Previews SAML Token Encryption in Azure Active Directory

Microsoft has been adding to its Azure Active Directory capabilities in recent weeks.

Microsoft Issues Yet Another Exchange Server Security Advisory

Microsoft on Monday issued Security Advisory ADV190007 concerning an elevation-of-privilege vulnerability that's present in most Exchange Server versions.

Windows Update Classifications Can Cause Orgs To Miss Fixes to Bad Patches

Organizations using Microsoft's tools to manage Windows updates could be missing out on early fixes to problems because of the way Microsoft classifies its updates.

NSA Offers Guide on Speculative Execution Side-Channel Attacks

The U.S. National Security Agency issued updated guidance late last month on the various speculative execution side-channel flaws that open up all systems using modern processors to potential attacks.

Subscribe on YouTube

Upcoming Training Events